Re: PCANYwhere thru PIX

ddicky · ‎06-21-2003

I'm having a VPN connection back to the PIX but PCanywhere connection is not able to established.Any advise on which ports to open.

ywadhavk · ‎06-21-2003

Hi,

The defaults ports that PcAnywhere uses are tcp 5631 and udp 5632. In addition to these, PcAnywhere also uses transient tcp ports from 1024 to 5000.

Hope this helps,

Yatin

ddicky · ‎06-21-2003

How should I configure it on the PIX inorder to allow the PCanywhere traffice to go thru

ywadhavk · ‎06-23-2003

Create an acl something like the below and apply it to the proper interface. I guess it would be the outside int in the IN direction;

access-list 122 permit tcp host 1.1.1.1 any eq 5631

access-list 122 permit udp host 1.1.1.1 any eq 5632

access-list 122 permit tcp host 1.1.1.1 any gt 1024

access-group 122 in interface outside

Make sure that you also have the other policies defined for the traffic to come in from the outside. The above is in addition to what you already have allowed from the outside.

Thanks,

yatin

r.crist · ‎06-24-2003

Yatin's reply is correct, but to narrow down the number of ports you're permitting inbound you can assign a range in the ACL by using an object-group - provided, of course, that you're running version 6.3(1) or above:

object-group service pcanywhere tcp

port-object eq 5631

port-object eq 5632

port-object range 1024 5000

access-list 122 permit tcp host 1.1.1.1 any object-group pcanywhere

access-group 122 in interface outside

Hope this helps.

-Rich